Main Vulnerability Database Vulnerabilities #VU37055

#VU37055 Input validation error in OfficeScan - CVE-2018-10508

Published: June 12, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37055

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-10508

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OfficeScan

Software vendor:
Trend Micro

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.

Remediation

Install update from vendor's website.

External links

https://success.trendmicro.com/solution/1119961

#VU37055 Input validation error in OfficeScan - CVE-2018-10508

Description

Remediation

External links

Please verify you're human